<?php
include("../../tools/session.php");
include("../../tools/controls.php");
include("../../tools/pub.php");

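// If the login check failed or the user lacks the required permission, redirect
// or show the no-permission page and stop.
if (!($is_login_success === true)) { session_hop_page("../index.php"); exit(); }
if (!power_check(0)) { include("tpl-inc-wp.php"); $tpl->display($oa_tpl_path . "/no-power.html"); exit(); }

/*-- Actual page content starts below --*/
// page_status selects the action: empty renders the page, 1 returns the
// positions of a section as XML, 2 updates the power list of one position.
// Every $_POST value is client-controlled, so each one is checked before use.
$page_status = isset($_POST["page_status"]) ? $_POST["page_status"] : null;
if (!$page_status)
{
   include("tpl-inc-wp.php");
   $tpl->display($oa_tpl_path . "/default/position_power.html");
}
// When $page_status is 1, return the position rows of the requested section.
// (The original comment said "employee data"; the query reads the position table.)
elseif ($page_status == 1)
{
   // section_id is concatenated into the SQL text below, so force it to an
   // integer; anything non-scalar or missing becomes 0.
   $section_id = (isset($_POST["section_id"]) && is_scalar($_POST["section_id"]))
      ? (int) $_POST["section_id"]
      : 0;

   include("../../tools/mysql.php");
   db_connect();

   header("content-type: text/xml");
   echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
   echo "<positions>\n";

   // NOTE(review): if the helpers in mysql.php support bound parameters, prefer
   // them over concatenation; their API is not visible from this file.
   $sql = "SELECT position_id, name, zh_name, power FROM position WHERE section_id=" . $section_id;
   $re = db_query($sql);

   foreach ($re as $v)
   {
      $power = join(",", array_group_and_flat(array_merge(explode(",", $v["power"]),
                  array("0"))));
      // Stored values are escaped before being written into the XML document so
      // that "<", ">", "&" or quotes in a name cannot break or alter the markup.
      echo "<item>\n";
      echo "<id>" . htmlspecialchars((string) $v["position_id"], ENT_QUOTES, "UTF-8") . "</id>\n";
      echo "<name>" . htmlspecialchars((string) $v["name"], ENT_QUOTES, "UTF-8") . "</name>\n";
      echo "<zhname>" . htmlspecialchars((string) $v["zh_name"], ENT_QUOTES, "UTF-8") . "</zhname>\n";
      echo "<power>" . htmlspecialchars((string) $power, ENT_QUOTES, "UTF-8") . "</power>\n";
      echo "</item>\n";
   }

   echo "</positions>\n";
}
// When $page_status is 2, update the power list of one position.
// NOTE(review): no anti-CSRF token check is visible in this file for this
// state-changing request; confirm whether session.php / controls.php enforce one.
elseif ($page_status == 2)
{
   $pid_raw = (isset($_POST["pid"]) && is_string($_POST["pid"])) ? $_POST["pid"] : "";
   $power = (isset($_POST["power"]) && is_string($_POST["power"])) ? $_POST["power"] : "";

   // A write is rejected rather than silently coerced: pid must be all digits.
   $pid_ok = preg_match('/^\d+$/D', $pid_raw) === 1;
   // power must be empty or a comma-separated list of digits, so it cannot
   // close the quoted SQL literal it is placed in.
   // Assumes power entries are non-negative integer IDs (the read path splits
   // on "," and the page itself calls power_check(0)) - TODO confirm.
   $power_ok = preg_match('/^(\d+(,\d+)*)?$/D', $power) === 1;
   $pid = $pid_ok ? (int) $pid_raw : 0;

   include("../../tools/mysql.php");
   db_connect();

   $log_str = array("职位（ID: " . $pid . "）权限设置成功！", "职位权限设置失败！");

   if ($pid_ok && $power_ok)
   {
      $sql = "UPDATE `position` SET `power`='" . $power . "' WHERE position_id=" . $pid;
      echo check_status_write_to_log(db_exec($sql), $log_str, FALSE);
   }
   else
   {
      // Invalid input never reaches the database; it is reported through the
      // same helper as a failed update.
      // Presumably a false status selects the failure message - verify against
      // check_status_write_to_log().
      echo check_status_write_to_log(false, $log_str, FALSE);
   }
}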
?>
